Planning to upgrade from an earlier version?

If you plan to upgrade from an earlier version of Splunk to version 4.3, be sure to read "About Upgrading to 4.3 - READ THIS FIRST" in the Installation Manual for important things you'll need to know before you upgrade.

User interface improvements

Splunk 4.3 includes substantial improvements to the user interface and workflow. Enhancements include:

Charting controls integrated with timeline view

Drag-and-drop dashboard editing

Simplified workflow for saving searches

Unified "Create" button for alerts, reports, and dashboard panels

New "digest" field for grouping alert notifications

Integrated time range picker and search button

More accessible job control and job inspector buttons

Improvements to message banners

Non-Flash UI

To improve support of iOS hand-held devices, Splunk Web now provides non-Flash chart and timeline display. This also improves printing quality. For more information about the non-Flash charts, as well as the circumstances that might cause Splunk to render charts in Flash, see:

Dashboard panel editor

Splunk 4.3 exposes charting controls in a consistent UI that is accessible both from the dashboard and from the report builder UI, allowing you to discover and use this important feature more effectively. For information on how to use the dashboard panel editor, refer to:

Sparklines

Sparklines are a technique to increase information density in tables by adding inline charts to specific cells. They are most commonly used to show time-based trends associated with the primary key of a given row.

Per-result alerting

Real time backfill

When you run a real-time windowed search, you can specify that Splunk backfill the initial window with historical data. This ensures that real-time dashboards are seeded with data, so that visualizations and statistical metrics over time periods are accurate from the start. For more information, refer to:

Data preview (single file)

See what data sources are about to be indexed, to where, and preview how their event extractions will be handled by Splunk. Data preview makes it easy to test new sourcetypes and troubleshoot how Splunk will handle them. Data preview lets you see what you're getting, before you commit to an indexing strategy. For more information on data preview, check out:

Structured data field extraction (JSON, XML)

Increasingly, machine data is being generated in structured data formats such as XML and JSON. We've extended the Splunk search language to allow users to extract data from these structures in a straightforward way. For more information, check out:

Per-user time zones

Large deployments often include users in different time zones. These users want to see the data in their own time zone. Splunk now supports setting a time zone for each user. For more information, check out:

"Add and edit users" in the topic "Set up user authentication with Splunk's built-in system" in the Admin Manual.

Multi-domain LDAP

Multiple domain authorization helps large IT departments overcome the challenges of expanding Splunk across departments where different AAA systems are in use. This also resolves issues where, due to the risk of circular references, Splunk isn't able to follow referrals from one LDAP system to another safely. For more information, check out:

IPv6

Splunk supports using IPv6 addresses for all network activity, including data forwarding and splunkweb. Users can use Splunk transparently as they migrate their network to IPv6 and can leverage their existing IT Search deployment and experience for problem solving, alerting and reporting even during changes to the core networking technologies that run their environments. Check out
